Use knowledge of your network and the threat landscape to align remediation with your biggest risks
Your approach to vulnerability management may be putting your organization at greater risk. Just dealing with vulnerabilities that a vendor said were "critical" isn't enough and may still leave you susceptible to an...

Today, vulnerability management is a critical aspect of every enterprise's security program. Just a single vulnerability can be exploited by an attacker and enable an entry point to the network, and most large enterprises have hundreds of thousands of vulnerabilities on their network.
Paradoxically, 90 percent of...

The Payment Card Industry (PCI) established the Data Security Standard (DSS) in order to reduce the risk organizations and consumers face in relation to credit card fraud, hacking and various other security issues. A company processing, storing or transmitting credit card numbers must be PCI DSS compliant or it risks...

As cloud computing services evolve, the cloud opens up entirely new ways for potential attacks. Cloud systems and images have operating system and component vulnerabilities just like those in the enterprise. For example, Heartbleed, Shellshock and other major bugs can affect cloud systems, and there are new issues to...

Adoption of the new General Data Protection Regulation (GDPR) is motivating organizations worldwide to improve existing technical controls for securing personal information. Organizations should be especially aware that the GDPR and other recent legal developments amplify the negative repercussions of a data security...

Vulnerability scanning, or the process of identifying a list of known security gaps in the network environment, is the focal point for most enterprise vulnerability management programs. The use of vulnerability scanners as security assessment tools is nearly ubiquitous in large organizations. However, as network...

Automated change workflow is essential for any enterprise or government IT organization. A typical organization may receive hundreds of change requests each month, with every request requiring hours of manual analysis to assess the potential impact on business continuity and security.
A flaw in the way a change is...

Intel faces 32 lawsuits filed over the trio of flaws in its CPUs known as Meltdown and Spectre, seeking damages for the security vulnerabilities as well as alleged insider trading. The flaws have also been cited in lawsuits against chipmakers AMD and ARM, as well as against Apple.

The Twitter accounts of several celebrities and politicians in India were recently hacked. Cybersecurity leaders discuss the challenges and risk mitigation strategies in dealing with social media attacks.

Concerns are already being raised about a law passed by Singapore's parliament Monday that establishes an information sharing platform by appointing a commissioner of cybersecurity to obtain confidential information from owners of critical information infrastructure about their security postures.

As threats and attacks become more frequent, the alerts and alarms to be investigated become more unmanageable. Plus, by the time the warnings are checked, the damage may already be done. We need a new paradigm that moves the enterprise from reactive to predictive. Can user behavior analytics and machine learning...

In a budget speech, India's finance minister announced the launch of a "cyberspace mission" and an effort to promote the use of several new technologies, including blockchain, to bolster the nation's data security. Security experts offer mixed reviews of the announcements.